Security researchers discovered a critical vulnerability in Adobe CC that if exploited could allow an attacker to delete files from your computer. The bug that affects only Windows users, was patched by the company and is extremely important to update immediately.
Adobe has published a security bulletin informing users of the release of important security updates for the desktop application from Creative Cloud. The recommendation is to upgrade as soon as possible any version that is 5.0 or more old.
TOCTTOU
The vulnerability it is described as Time-of-check Time-of-use (TOCTOU or TOCTTOU) Race Condition, a bug that affects the security checks that a program performs when it uses resources of the computer, such as memory, files, and processes.
That is to say, Adobe CC before using any resource of the system, like any other program, performs a check of the status of these resources. However, the state of the resource can change between the review and the use of a form that invalidates the results of such review.
This in turn can cause the software to perform actions invalid when the resources are in an unexpected state. This weakness it is relevant to level of security because an attacker can influence the state of a resource at that point between the fix and use it, and that affects the stored files, memory, or even variables in other programs.
The recommendation is to upgrade as soon as possible to Creative Cloud Desktop 5.1 for Windows. Of time Adobe has not found evidence that vulnerability has been exploited, but the ideal is to upgrade in the first 72 years because it multiplies the risk of that to begin to be abused.
Via | ZDNet
it was originally published in
Engadget
by
Gabriela Gonzalez
.
